Done,sigh.. some more bugs found near the one you found..related to
digest auth, in 4.0 and 3.3....glups ( wonders of copy & paste )
Thanks Bojan..
Saludos ,
Ignacio J. Ortega ( buried on my daily job )
> -----Mensaje original-----
> De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Enviado el: martes 10 de abril de 2001 4:43
> Para: Tomcat Dev List
> Asunto: Bug in JDBCRealm Tomcat 3.3m2
>
>
> The digest should be called on credentials, not on what's
> picked up from
> the database. That would already be digested. Here is the patch for
> JDBCRealm.java:
>
> ---
> jakarta-tomcat-3.3-src-original/src/share/org/apache/tomcat/mo
> dules/aaa/JDBC
> Realm.java Wed Feb 28 06:10:16 2001
> +++
> jakarta-tomcat-3.3-src/src/share/org/apache/tomcat/modules/aaa
> /JDBCRealm.jav
> a Tue Apr 10 12:27:59 2001
> @@ -284,7 +284,7 @@
> return true;
> }
> } else {
> - if (credentials.equals(digest(rs1.getString(1),
> digest))) {
> + if (rs1.getString(1).equals(digest(credentials,
> digest))) {
> if (debug >= 2)
>
> log(sm.getString("jdbcRealm.authenticateSuccess", u
> sername));
> return true;
>
> Bojan
>
